Skip to content

Commit

Permalink
feat(ci): connect repo to Community-TC
Browse files Browse the repository at this point in the history
  • Loading branch information
matt-boris committed Nov 28, 2022
1 parent 1fc8f5f commit 7e7fffd
Show file tree
Hide file tree
Showing 11 changed files with 754 additions and 9 deletions.
5 changes: 5 additions & 0 deletions .git-template/hooks/pre-commit
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
#!/usr/bin/env bash
if [ -f .pre-commit-config.yaml ]; then
echo 'pre-commit configuration detected, but `pre-commit install` was never run' 1>&2
exit 1
fi
21 changes: 21 additions & 0 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
# See https://pre-commit.com for more information
# See https://pre-commit.com/hooks.html for more hooks
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.3.0
hooks:
# Trims trailing whitespace
- id: trailing-whitespace
# Makes sure files end in a newline and only a newline
- id: end-of-file-fixer
# Check for files that contain merge conflict strings
- id: check-merge-conflict

- repo: https://github.com/marco-c/taskcluster_yml_validator
rev: v0.0.9
hooks:
# Validates .taskcluster.yml file against possible GitHub events
- id: taskcluster_yml

ci:
skip: [taskcluster_yml]
153 changes: 153 additions & 0 deletions .taskcluster.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,153 @@
---
version: 1
reporting: checks-v1
policy:
pullRequests: public
tasks:
- $let:
ownerEmail:
$if: 'tasks_for == "github-push"'
then: '${event.pusher.email}'
else:
$if: 'tasks_for == "github-pull-request"'
then: '${event.pull_request.user.login}@users.noreply.github.com'
else:
$if: 'tasks_for == "github-release"'
then: '${event.sender.login}@users.noreply.github.com'
baseRepoUrl:
$if: 'tasks_for == "github-push"'
then: '${event.repository.html_url}'
else:
$if: 'tasks_for == "github-pull-request"'
then: '${event.pull_request.base.repo.html_url}'
base_ref:
$if: 'tasks_for[:19] == "github-pull-request"'
then: ${event.pull_request.base.ref}
else:
# event.base_ref is barely documented[1]. Testing showed it's only
# defined when creating a new branch. It's null when pushing to an
# existing branch
#
# [1] https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#push
# [2] https://taskcluster-taskgraph.readthedocs.io/en/latest/reference/parameters.html#base-ref
$if: 'tasks_for == "github-push" && event.base_ref'
then: ${event.base_ref}
else:
$if: 'tasks_for == "github-push"'
then: ${event.ref}
else:
$if: 'tasks_for in ["cron", "action"]'
then: '${push.branch}'
repoUrl:
$if: 'tasks_for == "github-push"'
then: '${event.repository.html_url}'
else:
$if: 'tasks_for == "github-pull-request"'
then: '${event.pull_request.head.repo.html_url}'
project:
$if: 'tasks_for == "github-push"'
then: '${event.repository.name}'
else:
$if: 'tasks_for == "github-pull-request"'
then: '${event.pull_request.head.repo.name}'
headBranch:
$if: 'tasks_for == "github-pull-request"'
then: ${event.pull_request.head.ref}
else:
$if: 'tasks_for == "github-push"'
then: ${event.ref}
headSha:
$if: 'tasks_for == "github-push"'
then: '${event.after}'
else:
$if: 'tasks_for == "github-pull-request"'
then: '${event.pull_request.head.sha}'
pullRequestAction:
$if: 'tasks_for == "github-pull-request"'
then: ${event.action}
else: 'UNDEFINED'
in:
$if: >
tasks_for == "github-push" && headBranch == "main"
|| (tasks_for == "github-pull-request" && pullRequestAction in ["opened", "reopened", "synchronize"])
then:
taskId: {$eval: as_slugid("decision_task")}
taskGroupId: {$eval: as_slugid("decision_task")}
schedulerId: homebrew-level-1
created: {$fromNow: ''}
deadline: {$fromNow: '1 day'}
expires: {$fromNow: '1 year 1 second'} # 1 second so artifacts expire first, despite rounding errors
metadata:
owner: "${ownerEmail}"
name: Decision Task
description: Task that generates a taskgraph and submits it to Taskcluster
source: '${repoUrl}/raw/${headSha}/.taskcluster.yml'
provisionerId: proj-taskcluster
workerType: ci
scopes:
$if: 'tasks_for == "github-push"'
then:
# ${repoUrl[8:]} strips out the leading 'https://'
# while ${headBranch[11:]} strips out 'refs/heads/'
- 'assume:repo:${repoUrl[8:]}:branch:${headBranch[11:]}'
else:
$if: 'tasks_for == "github-pull-request"'
then:
- 'assume:repo:github.com/${event.pull_request.base.repo.full_name}:pull-request'
dependencies: []
requires: all-completed
payload:
image: mozillareleases/taskgraph:decision-10378fde0bf12adbd64e74313bf72ea3c6caf311ad6af23e2bff1d8f1232a221@sha256:7518c410bdf91142b0e26455d26ddaf861202cfbb3c35d0b1ef85d1ed577a5bd
cache:
homebrew-level-1-checkouts-sparse-v2: /builds/worker/checkouts
features:
taskclusterProxy: true
# chainOfTrust: true
maxRunTime: 300
env:
$merge:
# run-task uses these environment variables to clone your
# repo and checkout the proper revision
- HOMEBREW_BASE_REPOSITORY: '${baseRepoUrl}'
HOMEBREW_BASE_REF: '${base_ref}'
HOMEBREW_HEAD_REPOSITORY: '${repoUrl}'
HOMEBREW_HEAD_REF: '${headBranch}'
HOMEBREW_HEAD_REV: '${headSha}'
HOMEBREW_PIP_REQUIREMENTS: taskcluster/requirements.txt
HOMEBREW_REPOSITORY_TYPE: git
REPOSITORIES: {$json: {homebrew: "homebrew"}}
command:
- run-task
- '--homebrew-checkout=/builds/worker/checkouts/src'
- '--task-cwd=/builds/worker/checkouts/src'
- '--'
- bash
- -cx
- >
~/.local/bin/taskgraph decision
--pushlog-id='0'
--pushdate='0'
--project='${project}'
--message=""
--owner='${ownerEmail}'
--level='1'
--base-repository="$HOMEBREW_BASE_REPOSITORY"
--base-ref="$HOMEBREW_BASE_REF"
--head-repository="$HOMEBREW_HEAD_REPOSITORY"
--head-ref="$HOMEBREW_HEAD_REF"
--head-rev="$HOMEBREW_HEAD_REV"
--repository-type="$HOMEBREW_REPOSITORY_TYPE"
--tasks-for='${tasks_for}'
artifacts:
'public':
type: 'directory'
path: '/builds/worker/artifacts'
expires: {$fromNow: '1 year'}
'public/docker-contexts':
type: 'directory'
path: '/builds/worker/checkouts/src/docker-contexts'
# This needs to be at least the deadline of the
# decision task + the docker-image task deadlines.
# It is set to a week to allow for some time for
# debugging, but they are not useful long-term.
expires: {$fromNow: '7 day'}
21 changes: 12 additions & 9 deletions Formula/taskcluster.rb
Original file line number Diff line number Diff line change
@@ -1,20 +1,23 @@
# frozen_string_literal: true

# Homebrew formula for taskcluster CLI
class Taskcluster < Formula
desc "A Taskcluster client library for the command line"
desc "Client library for the Taskcluster CLI"
homepage "https://github.com/taskcluster/taskcluster/tree/main/clients/client-shell"
version "v44.17.2"
version "44.23.4"
license "MPL-2.0"

if OS.mac?
if Hardware::CPU.physical_cpu_arm64?
url "https://github.com/taskcluster/taskcluster/releases/download/#{version}/taskcluster-darwin-arm64", :using => :curl
sha256 "1ccf56972988f45c88e9a21a536728f1064eabef49a9d085e16ac41db14214a5"
url "https://github.com/taskcluster/taskcluster/releases/download/v#{version}/taskcluster-darwin-arm64"
sha256 "fe1ae43849952a5797edcad202b12ca138498c8530057ec6e2add3c78f1ddee4"
else
url "https://github.com/taskcluster/taskcluster/releases/download/#{version}/taskcluster-darwin-amd64", :using => :curl
sha256 "7897baf6c27350e5a6fe46e93f9bb4890f5dd98a117196acfb4267e639624a5c"
url "https://github.com/taskcluster/taskcluster/releases/download/v#{version}/taskcluster-darwin-amd64"
sha256 "c8c613d722122cce47a8df2189f5e278211ec71ad093533d363c88161d60f2e8"
end
elsif OS.linux?
url "https://github.com/taskcluster/taskcluster/releases/download/#{version}/taskcluster-linux-amd64", :using => :curl
sha256 "d12b40c048e96bd5376f9d28c4831075ee6b74b3c8b9bd3d85f57cc1a9ec1971"
url "https://github.com/taskcluster/taskcluster/releases/download/v#{version}/taskcluster-linux-amd64"
sha256 "618203d0fe3d6938b635b4d89d39507f608db5027fda55ebcabf251a1da0fa39"
end

def install
Expand All @@ -30,6 +33,6 @@ def install
end

test do
system "#{bin}/taskcluster --help"
system "#{bin}/taskcluster", "--help"
end
end
17 changes: 17 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,23 @@ brew install taskcluster/tap/taskcluster
brew install taskcluster
```

### Testing Formulae

To test any changes to a specific formula, such as `taskcluster`, you can use the following commands:

```bash
# check formula for Homebrew coding style violations
brew audit --strict --online --formula ./Formula/taskcluster.rb
```
```bash
# check to be sure formula can be installed still
brew install --formula ./Formula/taskcluster.rb
```
```bash
# run tests for formula
brew test --verbose ./Formula/taskcluster.rb
```

### Uninstalling Formulae

To uninstall a specific formula, such as `taskcluster`, you can use the following command:
Expand Down
25 changes: 25 additions & 0 deletions taskcluster/ci/config.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
---
trust-domain: homebrew
treeherder:
group-names:
'I': 'Docker Image Builds'

task-priority: low

taskgraph:
repositories:
ci:
name: homebrew

workers:
aliases:
images:
provisioner: proj-taskcluster
os: linux
implementation: docker-worker
worker-type: ci
ci:
provisioner: proj-taskcluster
os: linux
implementation: docker-worker
worker-type: ci
10 changes: 10 additions & 0 deletions taskcluster/ci/docker-image/kind.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
loader: taskgraph.loader.transform:loader

transforms:
- taskgraph.transforms.docker_image:transforms
- taskgraph.transforms.cached_tasks:transforms
- taskgraph.transforms.task:transforms

tasks:
homebrew:
symbol: I(homebrew-image)
23 changes: 23 additions & 0 deletions taskcluster/ci/homebrew/kind.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
---
loader: taskgraph.loader.transform:loader

transforms:
- taskgraph.transforms.job:transforms
- taskgraph.transforms.task:transforms

tasks:
tests:
description: brew {audit, install, test}
worker-type: ci
worker:
max-run-time: 300
docker-image:
in-tree: homebrew
run:
using: run-task
cwd: '{checkout}'
cache-dotcache: true
command: >-
brew audit --strict --online --formula ./Formula/taskcluster.rb &&
brew install --formula ./Formula/taskcluster.rb &&
brew test ./Formula/taskcluster.rb
31 changes: 31 additions & 0 deletions taskcluster/docker/homebrew/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
FROM homebrew/brew

USER root

# Add worker user and setup its workspace.
RUN mkdir /builds && \
groupadd -g 1001 worker && \
useradd -u 1001 -g 1001 -d /builds/worker -s /bin/bash -m worker && \
mkdir -p /builds/worker/workspace && \
chown -R worker:worker /builds && \
apt-get update && \
apt-get upgrade -y

USER linuxbrew

RUN brew update && \
brew upgrade && \
brew cleanup

# Declare default working folder
WORKDIR /builds/worker

ENV SHELL=/bin/bash \
HOME=/builds/worker \
PATH=/builds/worker/.local/bin:$PATH

VOLUME /builds/worker/checkouts
VOLUME /builds/worker/.cache

# Set a default command useful for debugging
CMD ["/bin/bash", "--login"]
7 changes: 7 additions & 0 deletions taskcluster/requirements.in
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
# For instructions on managing dependencies, see:
# https://taskcluster-taskgraph.readthedocs.io/en/latest/howto/bootstrap-taskgraph.html

arrow
pyyaml
taskcluster
taskcluster-taskgraph
Loading

1 comment on commit 7e7fffd

@community-tc-integration
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Uh oh! Looks like an error! Details

Taskcluster-GitHub attempted to create a task for this event with the following scopes:

["assume:repo:github.com/taskcluster/homebrew-tap:pull-request","queue:route:checks","queue:scheduler-id:taskcluster-github"]

The expansion of these scopes is not sufficient to create the task, leading to the following:

Client ID static/taskcluster/github does not have sufficient scopes and is missing the following scopes:

queue:scheduler-id:homebrew-level-1

This request requires the client to satisfy the following scope expression:

{
  "AllOf": [
    "assume:repo:github.com/taskcluster/homebrew-tap:pull-request",
    "queue:route:checks",
    "queue:create-task:project:none",
    "queue:scheduler-id:homebrew-level-1",
    {
      "AnyOf": [
        "queue:create-task:highest:proj-taskcluster/ci",
        "queue:create-task:very-high:proj-taskcluster/ci",
        "queue:create-task:high:proj-taskcluster/ci",
        "queue:create-task:medium:proj-taskcluster/ci",
        "queue:create-task:low:proj-taskcluster/ci",
        "queue:create-task:very-low:proj-taskcluster/ci",
        "queue:create-task:lowest:proj-taskcluster/ci"
      ]
    }
  ]
}

  • method: createTask
  • errorCode: InsufficientScopes
  • statusCode: 403
  • time: 2022-11-28T15:42:30.946Z

Please sign in to comment.